[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

Manuel Jacob added the comment: For the record, I’ve added a comment to the pull request about that ssl.PROTOCOL_TLSv1_1 / ssl.PROTOCOL_TLSv1_2 are now defined unconditionally. https://github.com/python/cpython/commit/6e8cda91d92da72800d891b2fc2073ecbc134d98#r39569316 -- nosy:

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

Christian Heimes added the comment: Fixes have landed in 3.7 to 3.9. Thanks for the report! :) -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

Christian Heimes added the comment: New changeset 43b355e53fd0796990a8810cd3461c197e20a3b9 by Miss Islington (bot) in branch '3.7': [3.7] bpo-40457: Support OpenSSL without TLS 1.0/1.1 (GH-19862) (GH-20126) https://github.com/python/cpython/commit/43b355e53fd0796990a8810cd3461c197e20a3b9

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

miss-islington added the comment: New changeset a669443dfb79fc6aca2544b885895814798db15b by Miss Islington (bot) in branch '3.8': bpo-40457: Support OpenSSL without TLS 1.0/1.1 (GH-19862) https://github.com/python/cpython/commit/a669443dfb79fc6aca2544b885895814798db15b --

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

Change by miss-islington : -- pull_requests: +19432 pull_request: https://github.com/python/cpython/pull/20127 ___ Python tracker ___

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

Change by miss-islington : -- pull_requests: +19431 pull_request: https://github.com/python/cpython/pull/20126 ___ Python tracker ___

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

miss-islington added the comment: New changeset 6e8cda91d92da72800d891b2fc2073ecbc134d98 by Christian Heimes in branch 'master': bpo-40457: Support OpenSSL without TLS 1.0/1.1 (GH-19862) https://github.com/python/cpython/commit/6e8cda91d92da72800d891b2fc2073ecbc134d98 -- nosy:

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

Mitch Lindgren added the comment: Thanks for the quick turnaround! -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

Christian Heimes added the comment: Thanks for the bug report. I've created a PR to check for the correct flags in _ssl__SSLContext_impl(). I'll backport the fix to 3.8 and 3.7. 3.6 and older are in security-only mode. -- versions: +Python 3.9 -Python 3.5, Python 3.6

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

Change by Christian Heimes : -- keywords: +patch pull_requests: +19176 stage: -> patch review pull_request: https://github.com/python/cpython/pull/19862 ___ Python tracker

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

Mitch Lindgren added the comment: I'd be happy to work on a patch for this. I think the simplest approach would be to change this block starting on line 3087: if (proto_version == PY_SSL_VERSION_TLS1) ctx = SSL_CTX_new(TLSv1_method()); #if HAVE_TLSv1_2 else if (proto_version

[issue40457] Python fails to compile/load _ssl module if OpenSSL is compiled with no-tls1-method

New submission from Mitch Lindgren : I'm working on a project which uses OpenSSL 1.1.1g. For security and compliance reasons, it is built with SSL and TLS < 1.2 methods compiled out, using the following OpenSSL build options: no-ssl no-ssl3 no-tls1 no-tls1_1 no-ssl3-method no-tls1-method